Merge branch 'develop' into main

.github/workflows/deploy.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - develop
+      - research
 
 env:
   GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}

CHANGELOG.md

@@ -6,6 +6,12 @@ The format is based on [Keep a Changelog 1.0.0].
 
 ## [Unreleased]
 
+## [release-009] - 2021-05-21
+
+- fix multiple specification fields
+- content security policy
+- remove humans.txt
+
 ## [release-008] - 2021-05-19
 
 - auto deploy research and preview environments
@@ -17,6 +23,7 @@ The format is based on [Keep a Changelog 1.0.0].
 - remove `Returning to this specification` URL from task list
 - Add Tasks to the database when iterating through Sections from Contentful
 - fix XSS vulnerability by sanitising all user answers
+- support specification templates that exceed 50,000 characters in Contentful
 
 ## [release-006] - 2021-04-01
 
@@ -126,7 +133,8 @@ Contentful fixture
 - Contentful can redirect users to preview endpoints
 - users can be asked to answer a long text question
 
-[unreleased]: https://github.com/DFE-Digital/buy-for-your-school/compare/release-008...HEAD
+[unreleased]: https://github.com/DFE-Digital/buy-for-your-school/compare/release-009...HEAD
+[release-009]: https://github.com/DFE-Digital/buy-for-your-school/compare/release-008...release-009
 [release-008]: https://github.com/DFE-Digital/buy-for-your-school/compare/release-007...release-008
 [release-007]: https://github.com/DFE-Digital/buy-for-your-school/compare/release-006...release-007
 [release-006]: https://github.com/DFE-Digital/buy-for-your-school/compare/release-005...release-006

app/assets/stylesheets/components/_specification.scss

@@ -1,4 +1,4 @@
-#specification {
+#specification, .specification {
   h2 {
     @extend .govuk-heading-m;
   }

app/services/create_journey.rb

@@ -14,7 +14,7 @@ def call
       user: user,
       started: true,
       last_worked_on: Time.zone.now,
-      liquid_template: category.specification_template
+      liquid_template: category.combined_specification_template
     )
 
     journey.section_groups = build_section_groupings(sections: contentful_sections)

app/services/get_category.rb

@@ -1,3 +1,7 @@
+class Contentful::Entry
+  attr_accessor :combined_specification_template
+end
+
 class GetCategory
   class InvalidLiquidSyntax < StandardError; end
 
@@ -14,8 +18,12 @@ def call
       raise
     end
 
+    # INFO: Due to a 50k character limit within Contentful we check to see if
+    # we need to combine this value from multiple fields set on a Contentful Category.
+    category.combined_specification_template = combined_specification_templates(category: category)
+
     begin
-      validate_liquid(template: category.specification_template)
+      validate_liquid(template: category.combined_specification_template)
     rescue Liquid::SyntaxError => error
       send_rollbar_error(message: "A user couldn't start a journey because of an invalid Specification", entry_id: category_entry_id)
       raise InvalidLiquidSyntax.new(message: error.message)
@@ -39,4 +47,22 @@ def send_rollbar_error(message:, entry_id:)
   def validate_liquid(template:)
     Liquid::Template.parse(template, error_mode: :strict)
   end
+
+  def combined_specification_templates(category:)
+    specification_template_array = []
+
+    # Allow a new `specification_template_part_x` field to be added in Contentful
+    # without requiring an additional code change.
+    all_specification_fields = (category.public_methods - Object.methods)
+      .grep(/^specification_template(_part[0-9]+)*(?<!=)$/)
+      .sort
+
+    all_specification_fields.each do |specification_field|
+      if category.respond_to?(specification_field)
+        specification_template_array << category.send(specification_field)
+      end
+    end
+
+    specification_template_array.compact.join("\n")
+  end
 end

config/initializers/content_security_policy.rb

@@ -6,19 +6,19 @@
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 
-# Rails.application.config.content_security_policy do |policy|
-#   policy.default_src :self, :https
-#   policy.font_src    :self, :https, :data
-#   policy.img_src     :self, :https, :data
-#   policy.object_src  :none
-#   policy.script_src  :self, :https
-#   policy.style_src   :self, :https
-#   # If you are using webpack-dev-server then specify webpack-dev-server host
-#   policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
+Rails.application.config.content_security_policy do |policy|
+  policy.default_src :self, :https
+  policy.font_src :self, :https, :data
+  policy.img_src :self, :https, :data
+  policy.object_src :none
+  policy.script_src :self, :https
+  policy.style_src :self, :https
+  # If you are using webpack-dev-server then specify webpack-dev-server host
+  # policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
 
-#   # Specify URI for violation reports
-#   # policy.report_uri "/csp-violation-report-endpoint"
-# end
+  # Specify URI for violation reports
+  # policy.report_uri "/csp-violation-report-endpoint"
+end
 
 # If you are using UJS then enable automatic nonce generation
 # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }

doc/architecture/decisions/0012-use-logit-for-application-logs.md

@@ -0,0 +1,23 @@
+# 12. use-logit-for-application-logs
+
+Date: 2021-04-19
+
+## Status
+
+Accepted
+
+## Context
+
+- Application logs needs to be aggregated and presented back to the dev team to assist in monitoring and debugging of the live service.
+- [DfE Digital have technical guidance expressing a preference for Logit](https://github.com/DFE-Digital/technical-guidance/blob/8380ad9dbfeefaeece081cace9f13e4c36200cd0/source/documentation/guides/default-technology-stack.html.md.erb#L93)
+- We were prompted for a Logit account by DfE when setting up our GPaaS account
+- GPaaS does provide access to logs but it is clumsy to access each environment over by using the CLI
+- dxw have used other logging aggregators in the past such as Papertrail but as DfE have expressed a preference it makes sense to align our technical tooling
+
+## Decision
+
+Use Logit
+
+## Consequences
+
+- the logs DfE digital services are managed through a single application, owned and paid for by DfE. Transitioning from the contractor team to a DfE team should be easier

doc/console-access.md

@@ -24,7 +24,7 @@ You must have have been given 'Space developer' access to the intended space, fo
     ```
 1. Change space
     ```
-    $ cf space <space name>
+    $ cf target -s <space name>
     ```
 1. View available services
     ```

script/deploy-terraform

@@ -12,7 +12,7 @@ then
 fi
 
 # Set env_TF_VAR_ environment variables from GITHUB_SECRETS_JSON
-eval $(echo "$GITHUB_SECRETS_JSON" | jq -r --arg e "$(echo "$TF_VAR_environment" | awk '{ print toupper($0) }' )" 'with_entries(select(.key | startswith($e + "_TF_VAR_") ) ) | keys[] as $k | "export \($k[($e + "_" | length):])=\(.[$k])"')
+eval $(echo "$GITHUB_SECRETS_JSON" | jq -r --arg e "$(echo "$TF_VAR_environment" | awk '{ print toupper($0) }' )" 'with_entries(select(.key | startswith($e + "_TF_VAR_") ) ) | keys[] as $k | "export TF_VAR_\($k[($e + "_TF_VAR_" | length):] | ascii_downcase)=\(.[$k])"')
 
 # Disable the shellcheck check for unassigned variables. We export this var
 # in Github Actions, but Shellcheck complains because there are lowercase

spec/features/school_buying_professionals/see_their_catering_specification_spec.rb

@@ -83,4 +83,18 @@
       expect(page).to have_content("You have not completed all the tasks. There may be information missing from your specification.")
     end
   end
+
+  context "when the spec template is configured using multiple sections" do
+    it "renders both parts in the spec" do
+      start_journey_from_category_and_go_to_question(category: "multiple-specification-templates.json")
+
+      choose("Catering")
+      click_on(I18n.t("generic.button.next"))
+      click_on(I18n.t("journey.specification.button"))
+
+      expect(page).to have_content(I18n.t("journey.specification.header"))
+      expect(page).to have_content("Part 1")
+      expect(page).to have_content("Part 2")
+    end
+  end
 end

spec/fixtures/contentful/categories/category-with-dynamic-liquid-template.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'>\n  <section>\n    <h2>Menus and ordering</h2>\n    <h3>Food standards</h2>\n    <ol>\n      {% if answer_radio-question %}\n        <li>\n          <p class='govuk-body'>The school also requires the service to comply with the following non-mandatory food standards or schemes:</p>\n          <p class='govuk-body'>{{answer_radio-question}}</p>\n        </li>\n      {% endif %}\n    </ol>\n  </section>\n</artcile>"
+        "specificationTemplate": "<article id='specification'>\n  <section>\n    <h2>Menus and ordering</h2>\n    <h3>Food standards</h2>\n    <ol>\n      {% if answer_radio-question %}\n        <li>\n          <p class='govuk-body'>The school also requires the service to comply with the following non-mandatory food standards or schemes:</p>\n          <p class='govuk-body'>{{answer_radio-question}}</p>\n        </li>\n      {% endif %}\n    </ol>\n  </section>\n</artcile>"
     }
 }

spec/fixtures/contentful/categories/category-with-invalid-liquid-template.json

@@ -31,6 +31,6 @@
     "fields": {
         "title": "Catering",
         "sections": [],
-        "specification_template": "<h1>{{{invalid Liquid%}}}</h1>"
+        "specificationTemplate": "<h1>{{{invalid Liquid%}}}</h1>"
     }
 }

spec/fixtures/contentful/categories/category-with-liquid-template.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/category-with-no-steps.json

@@ -31,6 +31,6 @@
     "fields": {
         "title": "Catering",
         "sections": [],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/checkboxes-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/currency-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/extended-checkboxes-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1><ul>{% for checkbox_answer in answer_extended-checkboxes-question['selected_answers'] %}<li>{{ checkbox_answer['human_value'] }}</li><li>{{ checkbox_answer.further_information }}</li>{% endfor %}</ul></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1><ul>{% for checkbox_answer in answer_extended-checkboxes-question['selected_answers'] %}<li>{{ checkbox_answer['human_value'] }}</li><li>{{ checkbox_answer.further_information }}</li>{% endfor %}</ul></article>"
     }
 }

spec/fixtures/contentful/categories/extended-long-answer-checkboxes-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/extended-long-answer-radio-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>{{answer_extended-radio-question}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>{{answer_extended-radio-question}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/extended-radio-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>{{answer_extended-radio-question}}</h1><ul>{% for extended_answer in extended_answer_extended-radio-question %}<li>{{ extended_answer['response'] }}</li><li>{{ extended_answer['further_information'] }}</li>{% endfor %}</ul></article>"
+        "specificationTemplate": "<article id='specification'><h1>{{answer_extended-radio-question}}</h1><ul>{% for extended_answer in extended_answer_extended-radio-question %}<li>{{ extended_answer['response'] }}</li><li>{{ extended_answer['further_information'] }}</li>{% endfor %}</ul></article>"
     }
 }

spec/fixtures/contentful/categories/hidden-field.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>{{answer_hidden-field}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>{{answer_hidden-field}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/journey-with-multiple-entries.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/journey-with-repeat-entries.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/long-text-question.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/markdown-help-text.json

@@ -39,6 +39,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/missing-entry-id.json

@@ -31,6 +31,6 @@
     "fields": {
         "title": "Catering",
         "sections": [],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/multiple-sections-and-steps.json

@@ -46,6 +46,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }

spec/fixtures/contentful/categories/multiple-sections.json

@@ -46,6 +46,6 @@
             }
           }
         ],
-        "specification_template": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
+        "specificationTemplate": "<article id='specification'><h1>Liquid {{templating}}</h1></article>"
     }
 }